Research And Implementation Of Static Taint Analysis And Dynamic Verification On Web SQLIA Vulnerabilities

Posted on: 2021-04-14
Degree: Master
Type: Thesis
Country: China
Candidate: W W Fan
GTID: 2428330620468776
Subject: Engineering
Abstract/Summary:
Taint analysis, a form of information flow analysis, models whether values from untrusted methods and parameters can flow into security-sensitive operations, in order to find potential security vulnerabilities in Web applications. It is divided into static taint analysis and dynamic taint analysis. Because it can find vulnerabilities common to many Web applications, such as SQL injection and XSS attacks, taint analysis has attracted extensive attention from the research community and the industry. This paper proposes a solution for detecting and verifying SQLIA vulnerabilities at the intermediate code level, combining static analysis with dynamic verification. The Java and JSP source code of the Web application is first converted into a unified intermediate code form, Jimple. The Source set and Sink set of the program are then obtained through global static analysis; Sources are divided into native and non-native categories, and each non-native Source is mapped to its corresponding native Source to ensure the reliability of the Sources. Next, the potential execution paths between Source and Sink are preliminarily determined from same-method, Request, Session and method call information, which effectively eliminates impossible execution paths and avoids the path explosion problem. The path set between each corresponding Source and Sink is then analyzed using live variables, and the corresponding path is determined by the taint propagation of the live variables. An automatic static taint analysis tool, TASAT, is also implemented. Finally, path verification is completed based on dynamic instrumentation and dynamic taint propagation, completing the taint analysis method that combines static analysis with dynamic verification. Test results on open source Web projects show the effectiveness of the method.
Keywords/Search Tags: static taint analysis, taint propagation, live variable analysis, instrumentation, dynamic verification
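The static half of the pipeline described in the abstract (mapping non-native Sources to native ones, then propagating taint along a candidate Source-to-Sink path) can be sketched as follows. This is an added example, not code from the thesis or from TASAT: the statements are a simplified three-address form rather than real Jimple, and the Source, Sink and sanitizer sets, the `readUserName` wrapper and the sample paths are all assumptions made for illustration.

```python
import re

# Assumed sets: the abstract does not enumerate its Sources and Sinks.
NATIVE_SOURCES = {"getParameter"}
NON_NATIVE_TO_NATIVE = {"readUserName": "getParameter"}  # hypothetical wrapper
SINKS = {"executeQuery"}
SANITIZERS = {"parseInt"}  # assumption: a numeric parse yields a clean value

STMT = re.compile(r"(?:(\w+)\s*=\s*)?(.+)$")     # optional "dst =" then rhs
CALL = re.compile(r"(?:\w+\.)?(\w+)\((.*)\)$")   # [receiver.]callee(args)

def idents(expr):
    """Variable names used in an expression, ignoring string literals."""
    return sorted(set(re.findall(r"[A-Za-z_]\w*", re.sub(r'"[^"]*"', "", expr))))

def find_tainted_sinks(path):
    """Forward taint propagation along one candidate Source-to-Sink path.
    Returns (statement index, sink, native source) per tainted sink call."""
    taint, findings = {}, []          # taint: variable -> native source
    for i, stmt in enumerate(path):
        dst, rhs = STMT.match(stmt).groups()
        call = CALL.match(rhs)
        callee, args = call.groups() if call else (None, rhs)
        callee = NON_NATIVE_TO_NATIVE.get(callee, callee)  # non-native -> native
        used = [taint[v] for v in idents(args) if v in taint]
        if callee in SINKS and used:
            findings.append((i, callee, used[0]))
        if dst is None:
            continue
        if callee in NATIVE_SOURCES:
            taint[dst] = callee
        elif used and callee not in SANITIZERS:
            taint[dst] = used[0]      # taint flows through the assignment
        else:
            taint.pop(dst, None)      # variable overwritten with a clean value
    return findings

# Constructed sample paths (not taken from the thesis).
VULNERABLE = [
    'name = helper.readUserName(req)',
    'q = "SELECT * FROM users WHERE name = " + name',
    'rs = stmt.executeQuery(q)',
]
SAFE = [
    'raw = req.getParameter("id")',
    'id = Integer.parseInt(raw)',
    'q = "SELECT * FROM users WHERE id = " + id',
    'rs = stmt.executeQuery(q)',
]
```

A path reported here is only a candidate; in the approach the abstract describes, such paths are then confirmed by dynamic instrumentation and dynamic taint propagation.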